CN117040768A - Method and system for realizing personal electronic signature at PC end based on password security code scanning - Google Patents


Info

Publication number: CN117040768A
Application number: CN202311305699.8A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 刘伟, 梁哲, 杜玉海, 李明
Current Assignee: Confident Information Co ltd
Original Assignee: Confident Information Co ltd
Prior art keywords: server, client, authentication, service, code


Classifications

    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G06K7/1417 Methods for optical code recognition, the method being specifically adapted for the type of code: 2D bar codes
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L9/40 Network security protocols


Abstract

The invention provides a method and a system for realizing personal electronic signatures at the PC (personal computer) end based on password security code scanning, relating to the technical field of data electronic signatures. The method comprises: the client initializes system configuration and creates account set information of the client; an access terminal identifier is recorded, login authentication is performed on the account set information, and after the login authentication succeeds a certificate request is submitted to a trusted certificate service provider; the client enters an access page of a service system and sends a random number service request to the server, obtains the random data with a service identifier that the server sends after application authentication passes, and displays the random data on the access page; the client then sends a request for a real-time two-dimensional code to the server, displays the two-dimensional code generated by the server on the access page after receiving it, and the code scanning signature authentication process of the two-dimensional code is then carried out at the client. The present disclosure reduces the complexity of personnel operations and the amount of repetitive work.

Description

Method and system for realizing personal electronic signature at PC end based on password security code scanning
Technical Field
The disclosure relates to the technical field of data electronic signatures, in particular to a method and a system for realizing personal electronic signatures at a PC end based on password security code scanning.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
In recent years, the rapid development of the internet has become an important engine of socioeconomic development, and the rapid development of the mobile internet in particular has attracted much attention in the field of science and technology. With the continuous innovation of mobile phone equipment and wireless network technology, people have developed new demands and expectations for information interaction and living habits.
Against the background of globalization, informatization, digitalization and intelligence, the Internet has penetrated every aspect of people's lives, and various industries are accelerating their digital transformation, achieving remarkable results in fields such as data mining and intelligent decision making. With the rapid evolution of Internet technology and the expansion of application scenarios, finding a balance between convenience and security is a problem to be solved urgently. How to effectively enhance data security protection capability and build intelligent topics is also becoming a problem to be solved.
The traditional electronic signature scheme fixes the user's usage environment to dedicated equipment and provides a safe and reliable electronic signature environment by means of dedicated password hardware, namely a USB Key, an installed security control and the like. However, with the rapid development of the mobile internet and the gradually increasing share of mobile phone applications, convenient mobile phone applications have entered the fast lane of development. The dedicated password hardware terminal scheme is limited by the physical environment and the network link and has problems such as having to be carried separately, being easily lost and being easily damaged, so it is difficult to meet users' current demand for more frequent and more complex electronic signatures in the new mobile network environment, which is more open and more convenient but less secure.
Disclosure of Invention
In order to solve the above problems, the present disclosure provides a method and a system for realizing personal electronic signatures at the PC end based on password security code scanning. While retaining the security functions of terminal password equipment, it solves the problems of the conventional terminal password device, the USB Key: it has to be carried separately, is easily damaged, is easily lost, its password is easily forgotten, it suffers from poor contact, and it is troublesome to update and repair. It realizes a fast, convenient and secure electronic signature technology on the mobile phone in the mobile internet environment and provides a trusted-identity electronic signature technology for conventional network terminals.
According to some embodiments, the present disclosure employs the following technical solutions:
the method for realizing the personal electronic signature of the PC end based on the password security code scanning is applied to the client and comprises the following steps:
initializing system configuration by a client and creating account set information of the client;
recording an access terminal identifier, performing login authentication on the account set information, and submitting a certificate request to a trusted certificate service provider after the login authentication succeeds;
the client enters an access page of a service system and sends a random number service request to the server, obtains the random data with a service identifier that the server sends after application authentication passes, displays the random data on the access page, sends a request for a real-time two-dimensional code to the server, displays the two-dimensional code generated by the server on the access page after receiving it, and then carries out the code scanning signature authentication process of the two-dimensional code at the client.
According to some embodiments, the present disclosure employs the following technical solutions:
the method for realizing the personal electronic signature of the PC end based on the password security code scanning is applied to the server end and comprises the following steps:
initializing server system configuration and finishing login authentication;
after receiving the random number service request from the client, the server performs a random number operation according to the random number identifier, generates a request digest, generates a random code with a service identifier and sends the random code to the client;
and after then receiving the client's request for a real-time two-dimensional code, the server generates two-dimensional code data according to the authentication and sends the two-dimensional code data to the client, realizing mobile code scanning signature authentication for the client.
According to some embodiments, the present disclosure employs the following technical solutions:
the system for realizing the personal electronic signature of the PC terminal based on the password security code scanning comprises a client, wherein the client comprises a mobile terminal and a PC terminal, and the mobile terminal is used for initializing system configuration and creating account set information of the client;
recording an access terminal identifier, performing login authentication on the account set information, and submitting a certificate request to a trusted certificate service provider after the login authentication succeeds;
the PC side is used for entering an access page of the service system, sending a random number service request to the server, obtaining the random data with a service identifier that the server sends after application authentication passes, displaying the random data on the access page, sending a request for a real-time two-dimensional code to the server, displaying the two-dimensional code generated by the server on the access page after receiving it, and then carrying out the code scanning signature authentication process of the two-dimensional code at the client.
According to some embodiments, the present disclosure employs the following technical solutions:
the system for realizing the personal electronic signature of the PC terminal based on the password safety code scanning comprises a conventional service system service terminal and a password same-frequency service terminal, wherein the conventional service system service terminal is used for receiving a random number service request;
and the password same-frequency service end is used for generating a random code with a service identifier by combining the random data and the service system identifier and returning the random code to the client according to the random number identifier.
Compared with the prior art, the beneficial effects of the present disclosure are:
after the initial deployment of the mobile password same-frequency security module server system is finished, the initial configuration and verification of information are carried out, including the entry of personnel information, so that the entered information is ensured to be correct and to match the specific person; a personnel service certificate request is generated from the personnel information and a personnel certificate is obtained; access application authorization is managed, including access application information and generating an application authorization identifier; after the configuration of the server system is completed, the mobile terminal password same-frequency security module middleware is integrated and deployed in the access application system, and the authorization identifier is imported according to the authorization information. In this way a user can use the same mobile terminal device for code scanning signature authentication at different access terminals, achieving one-card universality of personnel identity, the authenticity and credibility of personnel identity, the effective non-repudiation of operation information and the legal traceability of event behaviors. The code scanning signature authentication technology solves the problems of the password security terminal in the traditional scheme (having to be carried separately, being easily damaged, being easily lost, passwords being easily forgotten, poor contact, and troublesome updating and repair), makes full use of the convenience and intelligence of mobile terminal interconnection, improves the security and friendliness of the service, and reduces the operation complexity and repeated workload of personnel.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure, illustrate and explain the exemplary embodiments of the disclosure and together with the description serve to explain the disclosure, and do not constitute an undue limitation on the disclosure.
Fig. 1 is a schematic diagram of a method implementation architecture for implementing electronic signature of personal identity at a PC end by code scanning provided by an embodiment of the present disclosure;
Fig. 2 is a flowchart of an electronic signature authentication process provided in an embodiment of the present disclosure.
Detailed Description
The disclosure is further described below with reference to the drawings and examples.
It should be noted that the following detailed description is illustrative and is intended to provide further explanation of the present disclosure. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs. It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments in accordance with the present disclosure. Furthermore, it will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, steps, operations, devices, components, and/or groups thereof.
Example 1
An embodiment of the present disclosure provides a method for implementing electronic signature of a PC-side personnel based on password security code scanning, which is applied to a client, and includes:
initializing system configuration by a client and creating account set information of the client;
recording an access terminal identifier, performing login authentication on the account set information, and submitting a certificate request to a trusted certificate service provider after the login authentication succeeds;
the client enters an access page of a service system and sends a random number service request to the server, obtains the random data with a service identifier that the server sends after application authentication passes, displays the random data on the access page, sends a request for a real-time two-dimensional code to the server, displays the two-dimensional code generated by the server on the access page after receiving it, and then carries out the code scanning signature authentication process of the two-dimensional code at the client.
The method is applied to the service end and comprises the following steps:
initializing server system configuration and finishing login authentication;
after receiving the random number service request from the client, the server performs a random number operation according to the random number identifier, generates a request digest, generates a random code with a service identifier and sends the random code to the client;
and after then receiving the client's request for a real-time two-dimensional code, the server generates two-dimensional code data according to the authentication and sends the two-dimensional code data to the client, realizing mobile code scanning signature authentication for the client.
As an example, a specific implementation of the method for realizing the electronic signature of personnel at the PC end based on password security code scanning is as follows, where the client comprises a mobile terminal and a PC (personal computer).
Step one: initializing the service system password same-frequency service system configuration of the mobile terminal, and creating account set information of the mobile code scanning terminal;
Step two: logging in to the password same-frequency security module of the mobile terminal, recording the access terminal identifier of the mobile code scanning terminal, performing login authentication on the account set information according to the server-side authentication configuration and the access terminal characteristics of the mobile code scanning terminal, generating a certificate application request after the login authentication succeeds, and applying for a certificate from a trusted certificate service provider;
Step three: the PC end sends a service random number request to the server; after the service system server passes application authentication at the password same-frequency server, a random number operation is performed according to the random number identifier, a request digest is generated, and a random code with the service identifier is generated and sent to the client;
and after then receiving the client's request for a real-time two-dimensional code, the server generates two-dimensional code data according to the authentication and sends the two-dimensional code data to the client, realizing mobile code scanning signature authentication for the client.
Step four: the client sends a request for the real-time two-dimensional code to the server, receives the two-dimensional code generated by the server and displays it on the access page, and the code scanning signature authentication process of the two-dimensional code is then carried out on the mobile terminal of the client.
Specifically, in step one, initializing the password same-frequency configuration of the service system of the mobile terminal and creating account set information of the mobile code scanning terminal includes: first completing the system configuration in the mobile terminal password same-frequency server, and creating the account set information of the mobile code scanning terminal from the user account set of the conventional service system, wherein the account set information comprises an access number, a name, a mobile code scanning terminal identifier and the authentication configuration of the mobile code scanning terminal.
In step two, logging in to the password same-frequency security module of the mobile terminal, recording the access terminal identifier of the mobile code scanning terminal, and performing login authentication on the account set information according to the server-side authentication configuration and the access terminal characteristics of the mobile code scanning terminal includes: the mobile terminal password same-frequency security module is installed on the mobile terminal and the registered account set is used to log in; the first login records the access terminal identifier of the mobile code scanning terminal, and a living-body biometric recognition function is enabled according to the server-side authentication configuration and the access terminal characteristics of the mobile code scanning terminal to perform login authentication of the account set information.
Generating a certificate application request after successful login authentication and applying for a certificate from a trusted certificate service provider includes: after login authentication of the account set information succeeds, a key generation function is used to generate the same-frequency SM2 key of the mobile terminal and the server; a certificate application function generates a certificate request from the public key of the same-frequency key and applies for a certificate from the trusted certificate service provider; the certificate is imported into the mobile terminal server-side password same-frequency security module, and the access side of the mobile terminal automatically synchronizes the certificate to the mobile terminal for later use.
In step three, returning the combined data of the random data and the service system identifier to the client as the request identifier of the current access includes: the client sends a service random number request to the server, the server generates random data after application authentication passes, and the combined data of the random data and the service system identifier is returned to the client as the request identifier of the current access.
Generating the two-dimensional code data for the access includes: when the client selects mobile terminal signature authentication, the PC sends the user information and the access request identifier to the mobile server; after authentication by the server's password same-frequency server, the SM3 algorithm is applied to the received data to generate a request digest, and the two-dimensional code data for access authentication is generated.
The client receives the two-dimensional code picture data, displays it as a picture at the PC (personal computer) end, and waits for the mobile terminal to scan the code.
In step four, the mobile terminal uses the code scanning function of the password same-frequency security module to obtain the two-dimensional code information, uses the password same-frequency service to apply a same-frequency code signature to the obtained information, and returns the same-frequency code signature value to the access terminal. Specifically: after logging in to the mobile terminal password same-frequency security module with living-body biometrics, the code scanning function is used to scan the two-dimensional code displayed on the access end of the mobile terminal and obtain the two-dimensional code information; the obtained information is signed using the password same-frequency service, and the same-frequency code signature value is returned to the access PC end of the mobile terminal.
After receiving the same-frequency code signature value, the access PC end of the mobile terminal sends the signature data and the user information to the conventional service system server; the conventional service system server sends the received user information and signature data to the password same-frequency server of the mobile code scanning terminal for verification, a verification result is returned, and the user enters the conventional service system after the verification passes.
Through the above flow, code scanning signature authentication using the same mobile terminal device at different access terminals is realized; when verification passes, the code scanning signature authentication is complete and the person enters the service system.
As an embodiment, taking a mobile phone as the mobile code scanning terminal, the specific method for realizing personnel electronic signatures based on password security code scanning with the mobile phone is as follows:
Step 1: first, the mobile phone completes system configuration and creates mobile phone account set information from the conventional service system user account set or from actual user information, wherein the account set information at least comprises the mobile phone access number, name, mobile phone identifier and authentication configuration.
Step 2: the mobile phone password same-frequency security module is installed on the mobile phone, and the registered account set is used to log in; the first login records the mobile phone access terminal identifier, and the living-body biometric recognition function is enabled according to the server-side authentication configuration and the mobile phone access terminal characteristics. After the account set information is successfully recognized, the key generation function can be used to generate the same-frequency SM2 key of the mobile phone access terminal and the password same-frequency server; the certificate application function generates a certificate request from the public key of the same-frequency key and applies for a certificate from the trusted certificate service provider; the certificate is imported into the same-frequency server, and the mobile phone access terminal automatically synchronizes the certificate to the mobile phone for later use.
After the mobile phone system completes the preliminary deployment, the initial configuration and verification of the information are carried out, wherein the initial configuration and verification comprises the entry of personnel information, so that the entered information is ensured to be correct and matched with specific personnel; generating a personnel service certificate request by using personnel information and obtaining a personnel certificate; managing access application authorization, including access application information and generating application authorization identification;
after the configuration of the server system is completed, the middleware of the mobile phone password same-frequency security module is integrated and deployed in the access application system, and the authorization identification is imported according to the authorization information.
Step 3: the mobile phone password same-frequency server sends a service random number request to the server; the mobile phone password same-frequency server generates random data after application authentication passes, and the service system returns the combined data of the random data and the service system identifier to the client as the request identifier of the current access. When the client selects mobile phone code scanning signature authentication, the user information and the current terminal request identifier are sent to the server's password same-frequency server; after the server authenticates them, the SM3 algorithm is applied to the received data to generate a request digest, and the two-dimensional code picture data for this authentication is generated. The server returns the two-dimensional code to the client; the client PC receives the two-dimensional code picture data, displays it as a picture in the page, and waits for the mobile phone to scan the code.
Step 4: after logging in with living-body biometrics, the code scanning function is started to scan the two-dimensional code displayed on the code scanning access terminal and obtain the two-dimensional code information; the obtained information is given a same-frequency code signature using the same-frequency code service, and the same-frequency code signature value is returned to the access terminal.
After receiving the same-frequency code signature value, the access terminal sends the signature data and the user information to the service system server; the service system server sends the received user information and signature data to the password same-frequency server for verification, and a verification result is returned; when verification passes, this code scanning signature authentication is complete and the user enters the conventional service system.
The mobile code scanning terminal, namely a mobile terminal, can be terminal equipment such as a mobile phone and a tablet personal computer, which can be used for scanning codes.
Further, the specific flow by which the user performs PC-end signature authentication through the mobile phone is as follows:
S1: the user logs in to the password same-frequency security module on the mobile phone; live biometric features are collected and a live feature code is generated; the password same-frequency security module performs a Hash-MAC calculation and transmits the result to the server; the server verifies the received Hash-MAC value against the pre-collected information to complete the user's identity login authentication;
S2: the PC end accesses a service system page; the page sends a service request to the back end, and the service requests a random number identifier; the service calls the random number operation of the mobile phone password same-frequency service to obtain a random number Rd, and the mobile phone password same-frequency service performs a digest Hash-MAC calculation according to the service authorization identifier Pid to obtain a random code Rhpd carrying the service identifier;
S3: the service server returns the random code Rhpd carrying the service identifier to the terminal together with the service system interface; the terminal displays the service system interface, with the random code Rhpd hidden;
S4: the user selects two-dimensional code authentication in the service system page, and the page sends the current user's Rhpd to the mobile phone password same-frequency service to request generation of a real-time two-dimensional code;
S5: the mobile phone password security service generates two-dimensional code data from the received Rhpd and returns it to the requesting terminal;
S6: the terminal receives the returned real-time two-dimensional code data and displays it;
S7: the user uses the code scanning function of the mobile phone password same-frequency security module to scan the real-time two-dimensional code displayed on the PC end and acquire the two-dimensional code authentication information;
S8: the password same-frequency security module on the user's mobile phone sends the two-dimensional code authentication information to the mobile phone password security server for validity authentication and identification, where the user's permission and the timeliness of the current Rhpd are judged;
S9: the mobile phone password same-frequency server and the password same-frequency security module in the mobile phone start a same-frequency key operation to form the current user authentication signature;
S10: the PC terminal page acquires the user authentication signature value Sign and the current user information Um;
S11: the PC terminal page pushes the user login information Um and Sign to the service server for system account set information authentication;
S12: after receiving the login information Um and Sign, the service server matches them against the service account system information, acquires the authentication information Pd corresponding to Um, and sends Pd and Sign to the mobile phone password same-frequency service for signature verification, ensuring that the current user is a compliant user of the account system;
S13: the mobile phone password same-frequency service verifies the signature value Sign and returns the verification result to the business service;
S14: after receiving the verification information, the service system server performs account permission adaptation according to the result and returns it to the terminal;
S15: the service system login terminal displays the authentication result or the visual interface for the current permissions.
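The server-side checks in the flow above (challenge bound to Pid in S2, two-dimensional code data in S4-S5, permission and timeliness in S8, signature verification in S12-S13), as an added example that is not part of the patent text. HMAC-SHA-256 and SHA-256 stand in for the SM3 Hash-MAC, the SM3 digest and the same-frequency SM2 signature, so unlike the described scheme this sketch gives no non-repudiation; the class and function names, the 60-second lifetime, single-use consumption of Rhpd and all sample keys and identifiers are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 60  # assumed lifetime; the page only says Rhpd timeliness is judged


def _mac(key: bytes, *parts: str) -> str:
    """HMAC-SHA-256 over length-prefixed fields (stand-in for the SM3 Hash-MAC)."""
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def _digest(rhpd: str) -> str:  # SHA-256 stand-in for the SM3 request digest
    return hashlib.sha256(rhpd.encode()).hexdigest()


class SameFrequencyService:
    """Server-side checks of S2, S4-S5, S8 and S12-S13 (hypothetical class name)."""

    def __init__(self, service_keys, user_keys, clock=time.time):
        self.service_keys = service_keys  # Pid -> MAC key of an authorised service
        self.user_keys = user_keys        # Um -> key shared with the phone module
        self.clock = clock
        self.pending = {}                 # Rhpd -> [issue time, user bound at scan]

    def issue_challenge(self, pid: str) -> str:
        """S2: draw Rd and bind it to the service authorisation identifier Pid."""
        if pid not in self.service_keys:
            raise PermissionError("unknown service identifier")
        rhpd = _mac(self.service_keys[pid], pid, secrets.token_hex(32))
        self.pending[rhpd] = [self.clock(), None]
        return rhpd

    def qr_payload(self, rhpd: str) -> str:
        """S4-S5: return the data to encode in the real-time two-dimensional code."""
        if rhpd not in self.pending:
            raise KeyError("Rhpd was not issued by this service")
        return rhpd + "." + _digest(rhpd)

    def _fresh(self, rhpd: str) -> bool:
        entry = self.pending.get(rhpd)
        return entry is not None and self.clock() - entry[0] <= TTL_SECONDS

    def accept_scan(self, um: str, payload: str) -> bool:
        """S8: check payload integrity, user permission and Rhpd timeliness."""
        rhpd, _, digest = payload.partition(".")
        intact = hmac.compare_digest(digest.encode(), _digest(rhpd).encode())
        if not (intact and um in self.user_keys and self._fresh(rhpd)):
            return False
        self.pending[rhpd][1] = um  # only this user may complete the login
        return True

    def verify(self, um: str, rhpd: str, sign: str) -> bool:
        """S12-S13: verify Sign, then consume Rhpd (single use is an assumption)."""
        entry = self.pending.get(rhpd)
        if entry is None or entry[1] != um or not self._fresh(rhpd):
            return False
        expected = _mac(self.user_keys[um], um, rhpd)
        if not hmac.compare_digest(sign.encode(), expected.encode()):
            return False
        del self.pending[rhpd]
        return True


def phone_sign(user_key: bytes, um: str, rhpd: str) -> str:
    """S9, phone side: sign the user identity together with the scanned Rhpd."""
    return _mac(user_key, um, rhpd)


def demo():  # one login, a replay of it, and a scan of an expired code
    now = [1000.0]  # constructed clock; keys and identifiers below are constructed too
    svc = SameFrequencyService({"emr-01": b"svc-key"}, {"dr.li": b"phone-key"}, lambda: now[0])
    rhpd = svc.issue_challenge("emr-01")
    scanned = svc.accept_scan("dr.li", svc.qr_payload(rhpd))
    sign = phone_sign(b"phone-key", "dr.li", rhpd)
    first, replay = svc.verify("dr.li", rhpd, sign), svc.verify("dr.li", rhpd, sign)
    stale = svc.qr_payload(svc.issue_challenge("emr-01"))
    now[0] += TTL_SECONDS + 1
    return scanned, first, replay, svc.accept_scan("dr.li", stale)


if __name__ == "__main__":
    print(demo())
```

A signature is accepted only for the user who scanned the code, only while Rhpd is fresh, and only once; a replayed Sign or an expired code is rejected.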
The method of this embodiment can be applied to hospital outpatient services. A doctor writes medical records according to the patient's condition and must log in to the hospital's electronic medical record system. The conventional electronic signature approach uses a physical UKey, which effectively prevents repudiation but is inconvenient to carry and easily damaged. Here, account login can instead be performed by scanning a two-dimensional code with a mobile phone, with a digital signature made during the login process; this ensures the authenticity and reliability of the login identity, is convenient to operate, and also ensures non-repudiation of the identity of the person logging in.
Example 2
An embodiment of the disclosure provides a system for realizing personal electronic signature at the PC end based on password security code scanning, comprising a client and a server, wherein the client comprises a PC terminal and a mobile code scanning terminal, and the server comprises a password same-frequency security service and a conventional service system server;
in the client, which comprises a mobile terminal and a PC (personal computer), the mobile terminal is used for initializing system configuration and creating client account set information;
recording an access terminal identifier, performing login authentication on the account set information, and submitting a certificate request to a trusted certificate service party after the login authentication succeeds;
the PC end is used for entering an access page of the service system, sending a random number service request to the server, acquiring the random data with a service identifier sent by the server after application authentication, displaying the random data on the access page, sending a request for acquiring a real-time two-dimensional code to the server, displaying the two-dimensional code generated by the server on the access page after receiving it, and then carrying out the code scanning signature authentication process for the two-dimensional code at the client.
The server comprises a conventional service system server and a password same-frequency server, wherein the conventional service system server is used for receiving the random number service request;
and the password same-frequency server is used for generating, according to the random number identifier, a random code with a service identifier by combining the random data and the service system identifier, and returning the random code to the client.
As one embodiment, specific functions performed in the system include:
the client is used for initializing the system configuration of the password same-frequency security module of the mobile terminal and creating the account set information of the mobile code scanning terminal; logging in to the password same-frequency security module of the mobile code scanning terminal, recording the access terminal identifier of the mobile code scanning terminal, performing login authentication on the account set information according to the server authentication configuration and the access terminal characteristics of the mobile code scanning terminal, generating a certificate application request after the login authentication succeeds, and applying for a certificate from the trusted certificate service party;
the client is used for sending a business random number service request to the server; the server generates random data after application authentication, and the combination of the random data and the service system identifier is returned to the client as the request identifier of the current access; the client sends the user information and the access request identifier to the server, and the server generates a request digest and, from it, the two-dimensional code image data for the access authentication.
Further, the client receives the two-dimensional code image data, displays it as an image on the access PC terminal, and waits for the mobile terminal to scan the code.
After login with live biometric features, the password same-frequency security module of the mobile terminal uses its code scanning function to scan the two-dimensional code displayed on the access terminal and obtain the two-dimensional code information, gives the obtained information a same-frequency password signature using the password same-frequency service, and returns the same-frequency password signature value to the access terminal.
After receiving the same-frequency password signature value, the access terminal sends the signature data and the user information to the service system server. The service system server sends the received user information and signature data to the password same-frequency server for verification, and the verification result is returned. When the verification passes, this code-scanning signature authentication is complete and the user enters the conventional service system.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the specific embodiments of the present disclosure have been described above with reference to the drawings, it should be understood that the present disclosure is not limited to the embodiments, and that various modifications and changes can be made by one skilled in the art without inventive effort on the basis of the technical solutions of the present disclosure while remaining within the scope of the present disclosure.

Claims (10)

1. The method for realizing the personal electronic signature of the PC end based on the password security code scanning is applied to the client end and is characterized by comprising the following steps:
initializing system configuration by the client and creating account set information of the client;
recording an access terminal identifier, performing login authentication on the account set information, and submitting a certificate request to a trusted certificate service party after the login authentication succeeds;
the client enters an access page of the service system, sends a random number service request to the server, acquires the random data with a service identifier sent by the server after application authentication, displays the random data on the access page, sends a request for acquiring a real-time two-dimensional code to the server, displays the two-dimensional code generated by the server on the access page after receiving it, and then carries out the code scanning signature authentication process for the two-dimensional code at the client.
2. The method for implementing personal electronic signature of PC terminal based on password security scan code as recited in claim 1, wherein the client includes a mobile terminal and a PC terminal, and initializing system configuration and creating client account set information includes: first, the mobile terminal completes the system configuration in the password same-frequency security module and creates the account set information of the mobile terminal through a user account set of the conventional service system, wherein the account set information comprises a mobile terminal access number, a name, a mobile terminal identifier and an authentication configuration.
3. The method for implementing electronic signature of personnel at PC end based on password security code scanning as claimed in claim 1, wherein said recording an access terminal identifier and performing login authentication on the account set information includes: the mobile terminal is provided with a mobile code scanning terminal password same-frequency security module; the registered account set is used to log in; the first login records the access terminal identifier of the mobile terminal; and a live biometric feature recognition function is started according to the server authentication configuration and the access terminal characteristics of the mobile terminal to perform login authentication of the account set information.
4. The method for implementing electronic signature of personnel at a PC end based on a password security scan code according to claim 2, wherein generating a certificate application request after successful login authentication and applying for a certificate from a trusted certificate service party comprises: after successful login authentication of the account set information, a same-frequency SM2 key of the mobile terminal and the password same-frequency server on the server side is generated using a key generation function; a certificate request is generated from the public key of the same-frequency key using a certificate application function; a certificate is applied for from the trusted certificate service party and then imported into the password same-frequency security module of the mobile terminal; and the access terminal of the mobile terminal automatically synchronizes the certificate to the mobile terminal for later use.
5. The method for realizing the electronic signature of the personnel at the PC end based on the password security code scanning as claimed in claim 1, wherein the step of obtaining the random data with the service identifier sent by the server after application authentication comprises the following steps: the client sends a business random number service request to the server, and the server generates random data after the application authentication passes and returns the random data to the client.
6. The method for realizing the electronic signature of the personnel at the PC end based on the password security code scanning as claimed in claim 1, wherein the step of acquiring the real-time two-dimensional code comprises the following steps: the client sends a request for acquiring the random number identifier to the server; after receiving the request, the server performs an SM3 algorithm operation according to the random number identifier to generate a request digest, generates two-dimensional code data from it, and returns the two-dimensional code to the client.
7. The method for realizing the personal electronic signature of the PC end based on the password security code scanning is applied to the server end and is characterized by comprising the following steps:
initializing server system configuration and finishing login authentication;
after receiving a random number service request from the client, the server performs a random number operation according to a random number identifier, generates a request digest, generates a random code with a service identifier and sends the random code to the client;
and after receiving the request of acquiring the real-time two-dimension code from the client again, generating two-dimension code data according to the authentication, and sending the two-dimension code data to the client to realize mobile code scanning signature authentication of the client.
8. The method for realizing the electronic signature of the personnel at the PC end based on the password security code scanning as claimed in claim 7, wherein after the two-dimensional code scanning is completed by the client end, the server end receives the PC authentication information of the client end to carry out effective authentication, and meanwhile, the server end and the client end complete the same-frequency key operation to complete signature verification.
9. A system for realizing personal electronic signature of a PC end based on password security code scanning, which realizes the method as set forth in any one of claims 1-6, characterized in that the client comprises a mobile terminal and a PC end, the mobile terminal being used for initializing system configuration and creating client account set information;
recording an access terminal identifier, performing login authentication on the account set information, and submitting a certificate request to a trusted certificate service party after the login authentication succeeds;
the PC end is used for entering an access page of the service system, sending a random number service request to the server, acquiring the random data with a service identifier sent by the server after application authentication, displaying the random data on the access page, sending a request for acquiring a real-time two-dimensional code to the server, displaying the two-dimensional code generated by the server on the access page after receiving it, and then carrying out the code scanning signature authentication process for the two-dimensional code at the client.
10. A system for realizing personal electronic signature of a PC end based on password security code scanning, which is characterized by realizing the method as claimed in any one of claims 7-8, comprising a conventional service system server and a password same-frequency server, wherein the conventional service system server is used for receiving a random number service request;
and the password same-frequency service end is used for generating a random code with a service identifier by combining the random data and the service system identifier and returning the random code to the client according to the random number identifier.
CN202311305699.8A 2023-10-10 2023-10-10 Method and system for realizing personal electronic signature at PC end based on password security code scanning Pending CN117040768A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311305699.8A CN117040768A (en) 2023-10-10 2023-10-10 Method and system for realizing personal electronic signature at PC end based on password security code scanning

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311305699.8A CN117040768A (en) 2023-10-10 2023-10-10 Method and system for realizing personal electronic signature at PC end based on password security code scanning

Publications (1)

Publication Number Publication Date
CN117040768A true CN117040768A (en) 2023-11-10

Family

ID=88623148

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311305699.8A Pending CN117040768A (en) 2023-10-10 2023-10-10 Method and system for realizing personal electronic signature at PC end based on password security code scanning

Country Status (1)

Country Link
CN (1) CN117040768A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103366111A (en) * 2013-07-10 2013-10-23 公安部第三研究所 Two-dimensional code based method for realizing extended authentication control of smart card on mobile equipment
CN105024986A (en) * 2014-04-30 2015-11-04 腾讯科技(深圳)有限公司 Account login method, device and system
JP2016006945A (en) * 2014-05-29 2016-01-14 健一 先名 Digital signature two-dimensional code generation device, and digital signature two-dimensional code authentication device
CN107833032A (en) * 2017-10-26 2018-03-23 胡祥义 It is a kind of based on mobile phone without card Bank Account Number implementation method
CN108596309A (en) * 2018-04-24 2018-09-28 重庆大学 Quick Response Code generates and verification method
CN111431719A (en) * 2020-04-20 2020-07-17 山东确信信息产业股份有限公司 Mobile terminal password protection module, mobile terminal and password protection method
CN113641973A (en) * 2021-08-27 2021-11-12 成都卫士通信息产业股份有限公司 Identity authentication method, system and medium

Similar Documents

Publication Publication Date Title
TWI717728B (en) Identity verification and login method, device and computer equipment
US8904480B2 (en) Social authentication of users
US8955076B1 (en) Controlling access to a protected resource using multiple user devices
KR101574838B1 (en) Personal portable secured network access system
CN112651011B (en) Login verification method, device and equipment for operation and maintenance system and computer storage medium
CN109067697B (en) User account management and control method for hybrid cloud and readable medium
CN114531277B (en) User identity authentication method based on blockchain technology
EP3937040B1 (en) Systems and methods for securing login access
US20210241270A1 (en) System and method of blockchain transaction verification
CN110545274A (en) Method, device and system for UMA service based on people and evidence integration
CN115618399A (en) Identity authentication method and device based on block chain, electronic equipment and readable medium
CN113487321A (en) Identity identification and verification method and system based on block chain wallet
US20230208637A1 (en) Key management method and apparatus
CN110753029B (en) Identity verification method and biological identification platform
CN115150072A (en) Cloud network issuing authentication method, equipment, device and storage medium
KR101696571B1 (en) Personal portable secured network access system
US10929556B1 (en) Discrete data masking security system
WO2021107755A1 (en) A system and method for digital identity data change between proof of possession to proof of identity
CN115967581A (en) Login verification method and device, electronic equipment and storage medium
CN111078649A (en) Block chain-based on-cloud file storage method and device and electronic equipment
CN114584324B (en) Identity authorization method and system based on block chain
CN111125668A (en) Method and system for enhancing login security of Linux operating system based on mobile terminal
CN117040768A (en) Method and system for realizing personal electronic signature at PC end based on password security code scanning
CN114282254A (en) Encryption and decryption method and device, and electronic equipment
US20220417020A1 (en) Information processing device, information processing method, and non-transitory computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination